Retrieve the primary group from LDAP

By default, the user-mapping service combines information from AD and LDAP but gives precedence to the information from AD. You can create a mapping rule to control how OneFS combines the information, giving precedence to a primary group from LDAP rather than from Active Directory for a user.

1. Click Access > Membership & Roles > User Mapping.
2. Select the Current Access Zone that contains the rules you want to manage, and then click Edit User Mapping Rules.
   The Edit User Mapping Rules dialog box appears.
3. Click Create a User Mapping Rule.
   The Create a User Mapping Rule dialog box appears.
4. From the Operation list, select Insert fields from a user.
   The Create a User Mapping Rule dialog box refreshes to display additional fields.
5. To populate the Insert Fields into this User field, perform the following steps:
   1. Click Browse.
      The Select a User dialog box appears.
   2. Select a user and an Active Directory authentication provider.
   3. Click Search to view the search results.
   4. Select a username and click Select to return to the Create a User Mapping Rule dialog box.
      The primary group of the second user is inserted as the primary group of the first user.
6. Select the Insert primary group SID and GID check box.
7. To populate the Insert Fields from this User field, perform the following steps:
   1. Click Browse.
      The Select a User dialog box appears.
   2. Select a user and an LDAP authentication provider.
   3. Click Search to view the search results.
   4. Select a username and click Select to return to the Create a User Mapping Rule dialog box.
8. Click Add Rule.
   

   
   

   Rules are called in the order they are listed. To ensure that each rule gets processed, list the replacements first and the allow or deny rules at the end. You can change the order in which a rule is listed by clicking its title bar and dragging it to a new position.

   
   
9. Click Save Changes.